Regulatory compliance and standard requirements

EU moves closer to encryption ban after Austria, France attacks

Draft resolution document setting up an EU-wide ban on end-to-end encryption is set to be waved through this week Continue Reading

ICO sued over ‘failure’ to address ad industry practices

Privacy campaigner the Open Rights Group claims the advertising technology industry is systematically breaching the GDPR, and the ICO is doing nothing about it Continue Reading

Singapore government rolls out digital signature service

Individuals and businesses will soon be able to sign documents digitally using a new service on the Singapore government’s SingPass digital identity platform Continue Reading

EU to introduce data-sharing measures with US in weeks

The European Commission is to issue updated standard contractual clauses (SCCs) that will allow organisations in the EU to exchange data with the US, but they may arrive too late to incorporate into UK law Continue Reading

India and Japan report stronger concern over cyber threats

Security operations teams in the two Asian giants see the increased volume of cyber threats as their biggest challenge amid the Covid-19 pandemic Continue Reading

GDPR lawsuit against Oracle and Salesforce moves forward

Class action suit seeks claims worth more than £10bn over the processing of personal information Continue Reading

Tackling multicloud deployments with intelligent cloud management

Organisations are moving to hybrid and multicloud deployments, which complicates software assets tracking and workload management Continue Reading

ICO slashes Marriott breach fine to £18.4m

Reduced fine reflects both improvements made to hotel group’s cyber security and impact of coronavirus on the travel and hospitality sector Continue Reading

Privacy and online safety are focus of new UKRI research funding

Online safety research centre of excellence will look into technology to boost privacy and tackle disinformation, fake news, conspiracies and other online harms Continue Reading

Barracuda eyes Indochina markets

Barracuda is looking to expand its local presence and headcount in fast-growing emerging markets of Vietnam, Cambodia and Laos Continue Reading

ICO slams Experian over ‘invisible’ data processing

Data processing practices used by Experian broke data protection law, says Information Commissioner’s Office Continue Reading

Calls for clarity over Amazon insider breach

Security experts call for more clarity from Amazon over an apparent leak of customer data Continue Reading

Sopra Steria hit by new version of Ryuk ransomware

IT services company Sopra Steria says it has contained the ransomware virus, but systems will take a few weeks to be fully operational Continue Reading

Pet project: How Pets at Home cares for customers with data analytics

In this week’s Computer Weekly, we talk to the chief data officer of Pets at Home, about using data analytics to care for customers. British Airways had its GDPR fine reduced to just £20m – we ask what this means for data protection regulation. And we look at GPT3, the language prediction tool that could revolutionise AI. Read the issue now. Continue Reading

Forrester: CIOs must prepare for Brexit data transfer

With the end of the Brexit transition period just weeks away, multi-national organisations will need to re-evaluate how intercompany data is transmitted Continue Reading

Cooperation between Norway’s security agencies planned following cyber attack on parliament

Government seeks to develop enhanced national IT infrastructure with an embedded early warning system and defence shield to protect the IT systems of public and private organisations Continue Reading

Protecting remote workers an opportunity to do security better

Securing the fully remote workforce has been a challenge for IT teams, but it presents an opportunity to commit to a higher standard of cyber security, according to a Cisco report Continue Reading

NSA’s top CVE list a timely reminder to patch

Many of the CVEs detailed on the NSA’s top 25 chart are golden oldies Continue Reading

Charities warned over ‘Robin Hood’ cyber criminals

Accepting donations from cyber criminal groups could be deemed as profiting from crime, money laundering or handling stolen goods – so don’t do it Continue Reading

Police given access to self-isolation data

NHS Test and Trace self-isolation data will be made available to police after new guidance changes data-sharing rules Continue Reading

BA breach penalty sets new GDPR precedents

The 90% reduction in the fine levied on BA over a 2018 data breach has legal experts talking about the ramifications for the future of data protection Continue Reading

Podcast: Cybersecurity Awareness Month, Covid-19 and storage

We look at how organisations can use Cybersecurity Awareness Month as an opportunity to revisit their handling of data and compliance, especially with changes brought by Covid-19 and home working Continue Reading

Security Think Tank: Safeguarding PII in the current threat landscape

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

BA argues ICO data breach fine down to £20m

Information Commissioner’s Office levies fine of £20m on British Airways for failing to protect the personal data of hundreds of thousands of passengers – a vast reduction on the initial £183m penalty Continue Reading

Spanish court to question witnesses over ‘illegal surveillance’ of WikiLeaks founder Julian Assange

The Spanish National Court in Madrid is to hear evidence from information security expert Andy Müller-Maguhn and two lawyers who were subject to ‘illegal surveillance’  of their meetings with Julian Assange at the Ecuadorian Embassy in London Continue Reading

Cloud data protection keeps the Crick’s medical research Covid-secure

Cloud data management services from Rubrik gave the Francis Crick Institute a data protection edge and have helped keep its vital work going through the pandemic Continue Reading

Public sector security failings leave UK at risk, says think tank

Reform report urges adoption of new policies in the next version of the UK’s National Cyber Security Strategy Continue Reading

US Elections: Malicious internet domains spike as campaigns heat up

Internet domains related to the US presidential election are 56% more likely to be malicious than regular ones Continue Reading

Fintech ‘unicorn’ Klarna probed over data misuse

Online bank blames misuse of user data on human error as Information Commissioner’s Office weighs in Continue Reading

Suppliers neglecting virtual appliance security, putting users at risk

Software suppliers are often distributing their products on virtual appliances that contain known vulnerabilities or are running outdated or unsupported operating systems, according to a report Continue Reading

Trickbot forced offline in major cyber security victory

Coalition led by Microsoft obtained a court order enabling them to take down the infamous Trickbot botnet’s back-end server infrastructure Continue Reading

Five Eyes spy group again demands access to private messages

Spooks are once again calling for the tech industry to break end-to-end encryption in messaging platforms Continue Reading

Making sense of zero-trust security

Implementing zero-trust security is not an easy feat, but enterprises can still get it right if they approach it from a process perspective and get a handle on their infrastructure footprint Continue Reading

Security Think Tank: Tighten data and access controls to stop identity theft

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

Lapsing ISO certifications: Myth versus risk

Allowing ISO certifications to lapse presents businesses with serious risks when workarounds are possible Continue Reading

NCSC relaunches SME security guide with home working focus

The NCSC is issuing an updated version of its guide to security for SMEs, reflecting the long-lasting changes to the world of work seen in 2020 Continue Reading

Coronavirus face mask spammer fined by ICO

The director of software company Studios MG spammed members of the public at the height of the pandemic as one of its directors tried to shift a job lot of face masks Continue Reading

Crown Prosecution Service suffers 1,600 data breaches in 12 months

CPS sees a spike in data security incidents, many of them serious enough to be reported to the Information Commissioner’s Office Continue Reading

Threat of GDPR fines increasingly driving security buying decisions

Scaring the people who hold the purse strings may be the best option for CISOs who need a little extra budget Continue Reading

5G regulation failures are a threat to UK’s national security

Defence Committee report on the security of 5G brands existing regulations outdated and unsatisfactory Continue Reading

Department for Education failed to protect data on millions of children, says ICO

The Department for Education’s National Pupil Database, which contains millions of items of data on the UK’s schoolchildren, was found to be non-compliant with data protection regulations across the board Continue Reading

ICO wraps up Cambridge Analytica investigation

Information Commissioner’s Office concludes its investigation into Cambridge Analytica, saying no additional evidence has come to light that would change its previous assessments Continue Reading

Southeast Asia remains hotspot for cyber attacks

Geopolitics and Covid-19 have been fodder for cyber criminals to advance their motives in Southeast Asia in 2020 Continue Reading

EU’s top court questions legality of UK phone and internet data surveillance

European Court of Justice rules that the UK and EU member states must comply with EU privacy laws when harvesting people’s sensitive communications data from telecoms and internet companies Continue Reading

The privacy and compliance challenges organisations face in 2021

Privacy and compliance teams have a lot on their plate as 2021 approaches. What are the key issues to consider? Continue Reading

CISOs struggle to keep up with MITRE ATT&CK framework

Despite its proven benefits for security, the MITRE ATT&CK framework is proving difficult for many, according to a joint study from McAfee and UC Berkeley Continue Reading

FBI seized ‘legally privileged’ material from Ecuador Embassy, claims Julian Assange’s lawyer

The US struck a secret deal with Ecuador to seize WikiLeaks founder Julian Assange’s property from the Ecuadorian Embassy in London days before his arrest. The haul included legally privileged documents, says his solicitor Continue Reading

Honesty is the best policy: Forging a security culture in the NHS

Clinician and technologist Sam Shah helped set up NHSX in 2019. Now he’s helping advance digital transformation in healthcare from the outside, and a big part of that is addressing security in the sector Continue Reading

Security pros face sanctions if they help ransomware victims pay

New advisory from the US government warns cyber insurance and incident response specialists that they could be skating on thin ice if they help ransomware victims pay their attackers off Continue Reading

Judge to give verdict on Julian Assange’s extradition after Christmas

Judge Vanessa Baraitser said today that she would make a ruling in early January on whether WikiLeaks founder Julian Assange should be extradited to the US Continue Reading

WikiLeaks revelations ‘shed light of truth’ on war on terror, court hears

WikiLeaks disclosures led to ‘revelations of extraordinary journalistic importance’ about detention in Guantamo Bay and civilian casualties in Iraq and Afghanistan Continue Reading

‘American friends’ spied on Julian Assange in Ecuadorian Embassy, court hears

Two former employees of UC Global, which provides security services to the Ecuadorian Embassy in London, claim the company shared surveillance footage with the US of the WikiLeaks founder meeting with lawyers and other visitors Continue Reading

NatWest offers online banking customers free security services

Bank responds to a surge in cyber crime targeting users of online banking services Continue Reading

Julian Assange would be held in ‘solitary confinement’ in US jail

WikiLeaks founder would be held in a cell the size of a parking space for 22 or 23 hours a day without contact with other inmates before trial Continue Reading

Sustrans opens door to NCSC cyber certification via the cloud

Sustainable transport charity turned to Qualys to help it attain needed certifications to bid for government work Continue Reading

Police Scotland to set up new cyber crime centre

National Centre of Excellence will employ specially trained officers to tackle a vertiginous rise in cyber crime Continue Reading

Security now main driving force behind digital transformation

Organisations are urgently remodelling their core technology stack in the light of the Covid-19 pandemic, and this is pushing security to the top of the agenda Continue Reading

Covid-19 has changed how we think about cyber security forever

Six months into the global pandemic, the true impact on the future of cyber security is beginning to look clearer, says Microsoft’s Ann Johnson Continue Reading

‘Not unjust’ to extradite WilkiLeaks founder Julian Assange, court hears

Nigel Blackwood, NHS consultant psychiatrist, told the Old Bailey court that WikiLeaks founder Julian Assange had ‘moderate depression’ and autistic traits, but said they did not prevent his extradition Continue Reading

NHS whistleblower privacy concerns passed on to regulator, but campaigners not holding their breath

NHS Improvement chair Dido Harding acknowledges receiving concerns raised about the anonymity of whistleblowers, but campaigners have little faith that anything will be done Continue Reading

Government blasted over ‘reckless’ contact-tracing security

The Open Rights Group and Big Brother Watch accuse the government of endangering public health with a reckless attitude to contact-tracing data security Continue Reading

Australians want more control over privacy

Nearly nine in 10 Australians want more control and choice over the collection and use of their personal information amid declining trust in how organisations handle personal data, survey finds Continue Reading

Over half of firms intend to continue US data transfers despite Schrems II

Survey shows many organisations do not intend to significantly change their data-sharing practices, at least until there is more guidance from regulators or governments Continue Reading

GDS reviewing Cloud First policy post-Schrems II

Review seeks to determine the future of government engagement with cloud hosting services as they relate to cross-border data flows Continue Reading

Why business resilience management should be high on the agenda

Business resilience management is key to business survival in the face of rapidly changing IT, cyber threat and regulatory environments Continue Reading

Big questions to be answered over TikTok and WeChat reprieve

TikTok and WeChat seem to have received a stay of execution, but big questions and contradictions remain Continue Reading

WikiLeaks video ‘electrified’ public to civilian war deaths, court hears

New Zealand investigative journalist and author Nicky Hager said that WikiLeaks’ publication of a video showing a US helicopter firing on civilians, along with the publication of secret war logs, ‘electrified’ the world to civilian deaths Continue Reading

Congressman offered Julian Assange a ‘win-win’ deal that would help President Trump

Details have emerged of US congressman Dana Rohrabacher’s offer of a pardon to WikiLeaks founder Julian Assange in a ‘win-win deal that would benefit US President Donald Trump Continue Reading

Top five ways to benefit from tape today

We look at the benefits that tape can bring, including in backup and recovery, long-term and ‘warm’ archiving, compliance and WORM use cases and ‘air gapping’ to protect data Continue Reading

Saudi Arabia sees cyber security boom as coronavirus bites

Saudi Arabian CIOs have been forced to increase their security posture as the Covid-19 pandemic transforms working methods Continue Reading

What are the habits of highly effective CISOs?

Data crunched by Gartner analysts reveals the behaviours that differentiate the top-performing chief information security officers from the pack Continue Reading

Security Think Tank: Edge security in the world of Covid-19

That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentre to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading

NCSC steps up ransomware support for schools and universities

New alert and updated guidance comes after several academic institutions were targeted in ransomware attacks Continue Reading

Security Think Tank: Edge datacentre security depends on specific needs

That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading

Gartner Security Summit: Covid-19 brings agile security to the fore

The evolving threat landscape is the top driver impacting cyber security during the next three to five years, and Covid-19 has accelerated the trend towards more agile security deployments Continue Reading

Security Think Tank: No secret sauce for edge security, just good practice

That datacentre security is a complex subject is not in doubt, and given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading

TikTok-Oracle partnership moves forward for consideration

Joint venture proposal could create thousands of jobs and secure TikTok’s future outside China Continue Reading

Data of every Welsh Covid-19 patient leaked online

Data on all 18,105 people in Wales who have received positive tests for the coronavirus was uploaded to a public-facing web server in error Continue Reading

Travel industry websites are laughably insecure, claims Which?

The travel industry is failing to take the data security of its customers seriously, according to a Which? investigation Continue Reading

Cyber security is next frontier for open source

Open security will facilitate the interoperability and capabilities of cyber security tools while alleviating vendor lock-in for enterprises, says IBM Continue Reading

Julian Assange warned against interrupting witnesses in extradition hearing

On the second day of his extradition hearing at the Old Bailey, judge informs the WikiLeaks founder he could be removed and potentially banned from court for interrupting witnesses Continue Reading

Court rejects request to exclude ‘11th hour’ US evidence against WikiLeaks founder Julian Assange

Lawyers for Julian Assange say the US has introduced an 11th hour indictment against the WikiLeaks founder that provides additional grounds for his extradition Continue Reading

Government DPOs challenged by volume of GDPR work

Data protection officers working across the UK government are finding it tough to keep up with the increased workload generated by GDPR, according to a report Continue Reading

Why predictive threat intelligence is key

Threat intelligence startup Cyfirma is using virtual agents to gather intelligence on potential cyber attacks that are being coordinated in underground forums before they occur Continue Reading

Security Think Tank: Beware security blind spots at the edge

That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading

Northumbria University suffers major disruption after cyber attack

Some exams cancelled as university appoints external specialists to investigate incident Continue Reading

Sharing responsibility: Why we need to work together to keep the cloud secure

The education sector has been fundamentally altered by months of lockdown, with cloud services topping must-have lists for academic staff, but now it’s time to consider security Continue Reading

Vint Cerf: Why everyone has a role in internet safety

The Covid-19 pandemic has demonstrated the power of internet connectivity. Vint Cerf talks to Computer Weekly about the challenges the internet now faces Continue Reading

Security Think Tank: Security at the distributed edge

That datacentre security is a complex subject is not in doubt, and given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading

Benefit fraud: Underground trade in stolen identities revealed

A roaring underground trade in stolen identities is undermining the Universal Credit system and could potentially defraud it out of millions of pounds Continue Reading

DDoS downs New Zealand stock exchange for third day

Distributed denial of service attack from overseas has left stock exchange offline for days Continue Reading

NHS whistleblowers’ anonymity at mercy of inadequate trust IT policies and processes

They were clapped in the streets for their bravery at the height of the Covid-19 pandemic, but some NHS staff who raise workplace concerns are suffering abuse as a result Continue Reading

What are the latest GDPR security breach enforcement trends?

A cyber breach specialist from Fieldfisher runs the rule over the latest trends in cyber security, data protection and GDPR Continue Reading

TikTok takes Trump to court

Under-fire video app TikTok files a formal complaint in the federal courts challenging the Trump administration’s attempt to ban it in the US Continue Reading

Getting physical with datacentre security

Whether it is natural disasters, terrorism or break-ins, datacentres will be vulnerable to a range of risks unless they are physically secured. Here’s how you can improve the physical security of your datacentre Continue Reading

TikTok’s GDPR compliance probed amid accusations of data misuse

Dutch privacy organisation SOMI claims TikTok falls short in protecting young users, and that it is likely violating GDPR Continue Reading

MPs accuse ICO of failing to do its job on contact-tracing data

Cross-party group of MPs say the ICO has failed to enforce data protection standards or hold the government to account over the unlawful Test and Trace programme Continue Reading

Australian regulator sues RI Advice for cyber security lapses

The Australian Securities and Investments Commission is suing RI Advice for cyber security breaches at the financial firm’s authorised representatives Continue Reading

UKAS rejects ISO certification concerns

UK’s certification body says refreshed guidance is in place to cover the possibility of lapsed ISO certifications Continue Reading

Social media data leak highlights murky world of data scraping

A data brokerage left its database of 235 million Instagram, TikTok and YouTube profiles exposed to anybody who cared to access it Continue Reading